As much as 47% users who ran BrowserCheck were on Windows XP, while 32% were using Windows 7. Meanwhile, 36% performed from the scan Internet Explorer 8 and 34% from Firefox 3.6.

The most commonly installed plugin was Flash, being found on 97% of computers, and it was closely followed by Windows Media Player, with a rate of 95%. Adobe Reader and Java Runtime followed, both with around 80%, while Silverlight completed the top five with 65%.

The security stats [pdf] showed that between 25% and 30% users were missing security updates for the browser themselves. Java was deemed the most vulnerable plugin with over 40% of installations being outdated and Adobe Reader followed with 32%.

Quicktime and Flash were almost on par with 25% and 24%, respectively, while Shockwave was not far behind with 21%.

The fact that Java has the highest number of outdated installations is reflected in attacks, drive-by download kits showing Java exploits as having the highest success rate.

This suggests that Java's updater could use an overhaul as it's clearly not doing its job properly. Adobe Reader used to have the same problem, but Adobe listened to critics and made improvements.

That is probably the reason why two months after launch, Adobe Reader X, the latest version of the program which comes with sandboxing technology, had an adoption rate of over 60%.

If things continue down this path, browser vendors might have to take the issue into their own hands and force users to update plugins. Google is already working on a system for Chrome to automatically disable outdated plugins.